4.3
CVE-2012-0214
- EPSS 1.34%
- Veröffentlicht 15.04.2014 23:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
LoginThe pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Advanced Package Tool ≫ Advanced Package Tool Version <= 0.8.16\~exp12
Advanced Package Tool ≫ Advanced Package Tool Version0.8.11
Advanced Package Tool ≫ Advanced Package Tool Version0.8.12
Advanced Package Tool ≫ Advanced Package Tool Version0.8.13
Advanced Package Tool ≫ Advanced Package Tool Version0.8.14
Advanced Package Tool ≫ Advanced Package Tool Version0.8.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.34% | 0.675 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=b7a6594d1e5ed199a7a472b78b33e070375d6f92
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6
http://www.ubuntu.com/usn/USN-1385-1